From 2a4ebeafc49e060adca1060d0346f4dacddfc2e2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:22:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0033.json | 190 +++++++++++++------------- 2002/0xxx/CVE-2002-0086.json | 190 +++++++++++++------------- 2002/1xxx/CVE-2002-1100.json | 140 +++++++++---------- 2002/1xxx/CVE-2002-1121.json | 200 +++++++++++++-------------- 2002/1xxx/CVE-2002-1306.json | 210 ++++++++++++++--------------- 2002/1xxx/CVE-2002-1409.json | 150 ++++++++++----------- 2002/1xxx/CVE-2002-1698.json | 140 +++++++++---------- 2002/1xxx/CVE-2002-1705.json | 150 ++++++++++----------- 2002/1xxx/CVE-2002-1779.json | 140 +++++++++---------- 2003/0xxx/CVE-2003-0064.json | 160 +++++++++++----------- 2003/0xxx/CVE-2003-0537.json | 120 ++++++++--------- 2003/0xxx/CVE-2003-0601.json | 140 +++++++++---------- 2003/0xxx/CVE-2003-0795.json | 160 +++++++++++----------- 2003/0xxx/CVE-2003-0954.json | 170 +++++++++++------------ 2003/1xxx/CVE-2003-1435.json | 140 +++++++++---------- 2004/2xxx/CVE-2004-2271.json | 190 +++++++++++++------------- 2004/2xxx/CVE-2004-2735.json | 180 ++++++++++++------------- 2012/0xxx/CVE-2012-0885.json | 190 +++++++++++++------------- 2012/1xxx/CVE-2012-1068.json | 170 +++++++++++------------ 2012/1xxx/CVE-2012-1323.json | 34 ++--- 2012/1xxx/CVE-2012-1788.json | 170 +++++++++++------------ 2012/4xxx/CVE-2012-4136.json | 130 +++++++++--------- 2012/4xxx/CVE-2012-4453.json | 190 +++++++++++++------------- 2012/5xxx/CVE-2012-5212.json | 140 +++++++++---------- 2012/5xxx/CVE-2012-5596.json | 34 ++--- 2012/5xxx/CVE-2012-5812.json | 130 +++++++++--------- 2012/5xxx/CVE-2012-5821.json | 160 +++++++++++----------- 2017/2xxx/CVE-2017-2678.json | 34 ++--- 2017/3xxx/CVE-2017-3044.json | 140 +++++++++---------- 2017/3xxx/CVE-2017-3246.json | 164 +++++++++++------------ 2017/3xxx/CVE-2017-3334.json | 166 +++++++++++------------ 2017/3xxx/CVE-2017-3651.json | 238 ++++++++++++++++----------------- 2017/3xxx/CVE-2017-3979.json | 34 ++--- 2017/6xxx/CVE-2017-6762.json | 150 ++++++++++----------- 2017/7xxx/CVE-2017-7082.json | 140 +++++++++---------- 2017/7xxx/CVE-2017-7400.json | 150 ++++++++++----------- 2017/7xxx/CVE-2017-7475.json | 140 +++++++++---------- 2017/8xxx/CVE-2017-8651.json | 132 +++++++++--------- 2018/10xxx/CVE-2018-10442.json | 34 ++--- 2018/10xxx/CVE-2018-10636.json | 132 +++++++++--------- 2018/10xxx/CVE-2018-10690.json | 34 ++--- 2018/10xxx/CVE-2018-10845.json | 200 +++++++++++++-------------- 2018/10xxx/CVE-2018-10945.json | 120 ++++++++--------- 2018/14xxx/CVE-2018-14294.json | 130 +++++++++--------- 2018/14xxx/CVE-2018-14493.json | 130 +++++++++--------- 2018/17xxx/CVE-2018-17072.json | 120 ++++++++--------- 2018/17xxx/CVE-2018-17144.json | 150 ++++++++++----------- 2018/17xxx/CVE-2018-17401.json | 120 ++++++++--------- 2018/20xxx/CVE-2018-20290.json | 34 ++--- 2018/20xxx/CVE-2018-20362.json | 120 ++++++++--------- 2018/20xxx/CVE-2018-20536.json | 120 ++++++++--------- 2018/9xxx/CVE-2018-9099.json | 34 ++--- 2018/9xxx/CVE-2018-9621.json | 34 ++--- 2018/9xxx/CVE-2018-9755.json | 34 ++--- 2018/9xxx/CVE-2018-9931.json | 34 ++--- 55 files changed, 3593 insertions(+), 3593 deletions(-) diff --git a/2002/0xxx/CVE-2002-0033.json b/2002/0xxx/CVE-2002-0033.json index ca1fe330168..db5faa2938b 100644 --- a/2002/0xxx/CVE-2002-0033.json +++ b/2002/0xxx/CVE-2002-0033.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html" - }, - { - "name" : "CA-2002-11", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-11.html" - }, - { - "name" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309" - }, - { - "name" : "VU#635811", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/635811" - }, - { - "name" : "4674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4674" - }, - { - "name" : "solaris-cachefsd-name-bo(8999)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8999.php" - }, - { - "name" : "oval:org.mitre.oval:def:124", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A124" - }, - { - "name" : "oval:org.mitre.oval:def:31", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A31" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309" + }, + { + "name": "oval:org.mitre.oval:def:124", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A124" + }, + { + "name": "VU#635811", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/635811" + }, + { + "name": "CA-2002-11", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-11.html" + }, + { + "name": "4674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4674" + }, + { + "name": "oval:org.mitre.oval:def:31", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A31" + }, + { + "name": "20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html" + }, + { + "name": "solaris-cachefsd-name-bo(8999)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8999.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0086.json b/2002/0xxx/CVE-2002-0086.json index ea7f876c926..12d86cfd8ad 100644 --- a/2002/0xxx/CVE-2002-0086.json +++ b/2002/0xxx/CVE-2002-0086.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.esecurityonline.com/advisories/eSO4126.asp", - "refsource" : "MISC", - "url" : "http://www.esecurityonline.com/advisories/eSO4126.asp" - }, - { - "name" : "http://www.esecurityonline.com/advisories/eSO4124.asp", - "refsource" : "MISC", - "url" : "http://www.esecurityonline.com/advisories/eSO4124.asp" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21100441", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21100441" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21095569", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21095569" - }, - { - "name" : "4317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4317" - }, - { - "name" : "4319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4319" - }, - { - "name" : "lotus-domino-notes-execdirectory-bo(8583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8583" - }, - { - "name" : "lotus-domino-path-bo(8585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-domino-path-bo(8585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8585" + }, + { + "name": "http://www.esecurityonline.com/advisories/eSO4124.asp", + "refsource": "MISC", + "url": "http://www.esecurityonline.com/advisories/eSO4124.asp" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21100441", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21100441" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21095569", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21095569" + }, + { + "name": "4319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4319" + }, + { + "name": "lotus-domino-notes-execdirectory-bo(8583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8583" + }, + { + "name": "4317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4317" + }, + { + "name": "http://www.esecurityonline.com/advisories/eSO4126.asp", + "refsource": "MISC", + "url": "http://www.esecurityonline.com/advisories/eSO4126.asp" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1100.json b/2002/1xxx/CVE-2002-1100.json index 28461ae5121..e56e6e62d21 100644 --- a/2002/1xxx/CVE-2002-1100.json +++ b/2002/1xxx/CVE-2002-1100.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" - }, - { - "name" : "cisco-vpn-html-interface-dos(10025)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10025.php" - }, - { - "name" : "5617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" + }, + { + "name": "5617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5617" + }, + { + "name": "cisco-vpn-html-interface-dos(10025)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10025.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1121.json b/2002/1xxx/CVE-2002-1121.json index aef5a0a6d1a..d550e03872a 100644 --- a/2002/1xxx/CVE-2002-1121.json +++ b/2002/1xxx/CVE-2002-1121.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 (\"Message Fragmentation and Reassembly\") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020912 Bypassing SMTP Content Protection with a Flick of a Button", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html" - }, - { - "name" : "20020912 Bypassing SMTP Content Protection with a Flick of a Button", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103184267105132&w=2" - }, - { - "name" : "20020912 MIMEDefang update (was Re: Bypassing SMTP Content Protection )", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103184501408453&w=2" - }, - { - "name" : "20020912 Roaring Penguin fixes for \"Bypassing SMTP Content Protection with a Flick of a Button\"", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html" - }, - { - "name" : "20020912 FW: Bypassing SMTP Content Protection with a Flick of a Button", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html" - }, - { - "name" : "http://www.securiteam.com/securitynews/5YP0A0K8CM.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5YP0A0K8CM.html" - }, - { - "name" : "VU#836088", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/836088" - }, - { - "name" : "5696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5696" - }, - { - "name" : "smtp-content-filtering-bypass(10088)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10088.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 (\"Message Fragmentation and Reassembly\") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020912 Bypassing SMTP Content Protection with a Flick of a Button", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html" + }, + { + "name": "20020912 Bypassing SMTP Content Protection with a Flick of a Button", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103184267105132&w=2" + }, + { + "name": "20020912 Roaring Penguin fixes for \"Bypassing SMTP Content Protection with a Flick of a Button\"", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html" + }, + { + "name": "smtp-content-filtering-bypass(10088)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10088.php" + }, + { + "name": "http://www.securiteam.com/securitynews/5YP0A0K8CM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5YP0A0K8CM.html" + }, + { + "name": "20020912 MIMEDefang update (was Re: Bypassing SMTP Content Protection )", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103184501408453&w=2" + }, + { + "name": "VU#836088", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/836088" + }, + { + "name": "5696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5696" + }, + { + "name": "20020912 FW: Bypassing SMTP Content Protection with a Flick of a Button", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1306.json b/2002/1xxx/CVE-2002-1306.json index 4f28fcbfed9..92ad9e21e60 100644 --- a/2002/1xxx/CVE-2002-1306.json +++ b/2002/1xxx/CVE-2002-1306.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the \"lisa\" daemon, and (2) remote attackers to execute arbitrary code via a certain \"lan://\" URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103712329102632&w=2" - }, - { - "name" : "SuSE-SA:2002:042", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html" - }, - { - "name" : "MDKSA-2002:080", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php" - }, - { - "name" : "RHSA-2002:220", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20021111-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20021111-2.txt" - }, - { - "name" : "DSA-214", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-214" - }, - { - "name" : "20021114 GLSA: kdelibs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103728981029342&w=2" - }, - { - "name" : "N-020", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-020.shtml" - }, - { - "name" : "kde-kdenetwork-lisa-bo(10597)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10597.php" - }, - { - "name" : "kde-kdenetwork-lan-bo(10598)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10598.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the \"lisa\" daemon, and (2) remote attackers to execute arbitrary code via a certain \"lan://\" URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2002:080", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php" + }, + { + "name": "20021114 GLSA: kdelibs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103728981029342&w=2" + }, + { + "name": "20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103712329102632&w=2" + }, + { + "name": "http://www.kde.org/info/security/advisory-20021111-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20021111-2.txt" + }, + { + "name": "kde-kdenetwork-lisa-bo(10597)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10597.php" + }, + { + "name": "N-020", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-020.shtml" + }, + { + "name": "kde-kdenetwork-lan-bo(10598)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10598.php" + }, + { + "name": "DSA-214", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-214" + }, + { + "name": "RHSA-2002:220", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-220.html" + }, + { + "name": "SuSE-SA:2002:042", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1409.json b/2002/1xxx/CVE-2002-1409.json index a69e6a94ea7..0261e15e43d 100644 --- a/2002/1xxx/CVE-2002-1409.json +++ b/2002/1xxx/CVE-2002-1409.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via \"an incorrect reference to thread register state.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0208-206", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2002-q3/0041.html" - }, - { - "name" : "5425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5425" - }, - { - "name" : "oval:org.mitre.oval:def:5584", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5584" - }, - { - "name" : "hp-ptrace-dos(9818)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9818.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via \"an incorrect reference to thread register state.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-ptrace-dos(9818)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9818.php" + }, + { + "name": "oval:org.mitre.oval:def:5584", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5584" + }, + { + "name": "5425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5425" + }, + { + "name": "HPSBUX0208-206", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2002-q3/0041.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1698.json b/2002/1xxx/CVE-2002-1698.json index 8608b1c3c5f..b8312df916a 100644 --- a/2002/1xxx/CVE-2002-1698.json +++ b/2002/1xxx/CVE-2002-1698.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020506 Misformated message header causes msn messenger to crash", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/271130" - }, - { - "name" : "4675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4675" - }, - { - "name" : "msn-font-header-bo(9014)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4675" + }, + { + "name": "msn-font-header-bo(9014)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9014" + }, + { + "name": "20020506 Misformated message header causes msn messenger to crash", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/271130" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1705.json b/2002/1xxx/CVE-2002-1705.json index f777231acd0..ef4eb1851a6 100644 --- a/2002/1xxx/CVE-2002-1705.json +++ b/2002/1xxx/CVE-2002-1705.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020615 IE 5.-6 CSS parsing error", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/277133" - }, - { - "name" : "20020615 RE: IE 5.-6 CSS parsing error", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/277140/2002-12-07/2002-12-13/2" - }, - { - "name" : "ie-css-bold-dos(9367)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9367" - }, - { - "name" : "5027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020615 RE: IE 5.-6 CSS parsing error", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/277140/2002-12-07/2002-12-13/2" + }, + { + "name": "ie-css-bold-dos(9367)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9367" + }, + { + "name": "20020615 IE 5.-6 CSS parsing error", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/277133" + }, + { + "name": "5027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5027" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1779.json b/2002/1xxx/CVE-2002-1779.json index ee2111c5450..4b82e9f0149 100644 --- a/2002/1xxx/CVE-2002-1779.json +++ b/2002/1xxx/CVE-2002-1779.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"block fragmented IP Packets\" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020416 Norton Personal Firewall 2002 vulnerable to SYN/FIN scan", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/267850" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2002.05.16.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2002.05.16.html" - }, - { - "name" : "4545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"block fragmented IP Packets\" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4545" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2002.05.16.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.05.16.html" + }, + { + "name": "20020416 Norton Personal Firewall 2002 vulnerable to SYN/FIN scan", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/267850" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0064.json b/2003/0xxx/CVE-2003-0064.json index 435b75751a4..7bb3eb9c82f 100644 --- a/2003/0xxx/CVE-2003-0064.json +++ b/2003/0xxx/CVE-2003-0064.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 Terminal Emulator Security Issues", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" - }, - { - "name" : "20030224 Terminal Emulator Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2" - }, - { - "name" : "HPSBUX0401-309", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/6236" - }, - { - "name" : "6942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6942" - }, - { - "name" : "terminal-emulator-window-title(11414)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11414.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030224 Terminal Emulator Security Issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2" + }, + { + "name": "HPSBUX0401-309", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/6236" + }, + { + "name": "terminal-emulator-window-title(11414)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11414.php" + }, + { + "name": "20030224 Terminal Emulator Security Issues", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" + }, + { + "name": "6942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6942" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0537.json b/2003/0xxx/CVE-2003-0537.json index 926cee3513b..51f3aff3f1f 100644 --- a/2003/0xxx/CVE-2003-0537.json +++ b/2003/0xxx/CVE-2003-0537.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-341", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-341", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-341" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0601.json b/2003/0xxx/CVE-2003-0601.json index cdad30f9c7d..bd3da90c985 100644 --- a/2003/0xxx/CVE-2003-0601.json +++ b/2003/0xxx/CVE-2003-0601.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=25631", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=25631" - }, - { - "name" : "macos-workgroup-gain-access(12728)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12728" - }, - { - "name" : "8266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8266" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=25631", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=25631" + }, + { + "name": "macos-workgroup-gain-access(12728)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12728" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0795.json b/2003/0xxx/CVE-2003-0795.json index 566c81d569b..d8f7cefdc96 100644 --- a/2003/0xxx/CVE-2003-0795.json +++ b/2003/0xxx/CVE-2003-0795.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031114 Quagga remote vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106883387304266&w=2" - }, - { - "name" : "RHSA-2003:305", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-305.html" - }, - { - "name" : "RHSA-2003:307", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-307.html" - }, - { - "name" : "DSA-415", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-415" - }, - { - "name" : "10563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:305", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-305.html" + }, + { + "name": "20031114 Quagga remote vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106883387304266&w=2" + }, + { + "name": "DSA-415", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-415" + }, + { + "name": "10563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10563" + }, + { + "name": "RHSA-2003:307", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-307.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0954.json b/2003/0xxx/CVE-2003-0954.json index dee909516c8..ff3967e69ee 100644 --- a/2003/0xxx/CVE-2003-0954.json +++ b/2003/0xxx/CVE-2003-0954.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY48272", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY48272&apar=only" - }, - { - "name" : "IY48747", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY48747&apar=only" - }, - { - "name" : "IY49238", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY49238&apar=only" - }, - { - "name" : "9078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9078" - }, - { - "name" : "1008258", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008258" - }, - { - "name" : "10276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10276/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1008258", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008258" + }, + { + "name": "9078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9078" + }, + { + "name": "IY49238", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY49238&apar=only" + }, + { + "name": "10276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10276/" + }, + { + "name": "IY48747", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY48747&apar=only" + }, + { + "name": "IY48272", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY48272&apar=only" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1435.json b/2003/1xxx/CVE-2003-1435.json index 949e8df2148..826592110d9 100644 --- a/2003/1xxx/CVE-2003-1435.json +++ b/2003/1xxx/CVE-2003-1435.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030220 PHPNuke SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0246.html" - }, - { - "name" : "6887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6887" - }, - { - "name" : "phpnuke-search-sql-injection(11375)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6887" + }, + { + "name": "20030220 PHPNuke SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0246.html" + }, + { + "name": "phpnuke-search-sql-injection(11375)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11375" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2271.json b/2004/2xxx/CVE-2004-2271.json index ba3e5ee0db8..67dd5849aa3 100644 --- a/2004/2xxx/CVE-2004-2271.json +++ b/2004/2xxx/CVE-2004-2271.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041107 [New VULNERABILTY + Exploit] MiniShare, Minimal HTTP Server for Windows, Remote Buffer Overflow Exploit", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0208.html" - }, - { - "name" : "http://www.securiteam.com/exploits/6X00B1PBPC.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/6X00B1PBPC.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=241158", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=241158" - }, - { - "name" : "11620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11620" - }, - { - "name" : "11530", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11530" - }, - { - "name" : "1012106", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012106" - }, - { - "name" : "13114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13114" - }, - { - "name" : "minishare-address-link-bo(17978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11530", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11530" + }, + { + "name": "minishare-address-link-bo(17978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17978" + }, + { + "name": "http://www.securiteam.com/exploits/6X00B1PBPC.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/6X00B1PBPC.html" + }, + { + "name": "11620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11620" + }, + { + "name": "13114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13114" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=241158", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=241158" + }, + { + "name": "1012106", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012106" + }, + { + "name": "20041107 [New VULNERABILTY + Exploit] MiniShare, Minimal HTTP Server for Windows, Remote Buffer Overflow Exploit", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0208.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2735.json b/2004/2xxx/CVE-2004-2735.json index cfc5625eadd..f6a6bed4974 100644 --- a/2004/2xxx/CVE-2004-2735.json +++ b/2004/2xxx/CVE-2004-2735.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7) EXLABEL, (8) STATUS, (9) MAXCH, (10) FIRSTCH, (11) CHOFFSETDISP, (12) SEARCHDESC, (13) SEARCH_INVERT, (14) USER, (15) GROUP, and (16) CLIENT parameters in changeList.cgi; (17) CH parameter in changeView.cgi; (18) USER parameter in clientList.cgi; (19) CLIENT parameter in clientView.cgi; (20) FSPC parameter in depotTreeBrowser.cgi; (21) FSPC parameter in depotStats.cgi; (22) FSPC, (23) REV, (24) ACT, (25) FSPC2, (26) REV2, (27) CH, and (28) CONTEXT parameters in fileDiffView.cgi; (29) FSPC and (30) REV parameters in fileDownLoad.cgi; (31) FSPC, (32) LISTLAB, and (33) SHOWBRANCH parameters in fileLogView.cgi; (34) FSPC and (35) LABEL parameters in fileSearch.cgi; (36) FSPC, (37) REV, and (38) FORCE parameters in fileViewer.cgi; (39) FSPC parameter in filesChangedSince.cgi; (40) GROUP parameter in groupView.cgi; (41) TYPE, (42) FSPC, and (43) REV parameters in htmlFileView.cgi; (44) CMD parameter in javaDataView.cgi; (45) JOBVIEW and (46) FLD parameters in jobList.cgi; (47) JOB parameter in jobView.cgi; (48) LABEL1 and (49) LABEL2 parameters in labelDiffView.cgi; (50) LABEL parameter in labelView.cgi; (51) FSPC parameter in searchPattern.cgi; (52) TYPE, (53) FSPC, and (54) REV parameters in specialFileView.cgi; (55) GROUPSONLY parameter in userList.cgi; or (56) USER parameter in userView.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040505 Multiple vulnerabilities in P4DB", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-05/0046.html" - }, - { - "name" : "http://www.weak.org/~jammer/p4db_v2.01_patch_4.txt", - "refsource" : "MISC", - "url" : "http://www.weak.org/~jammer/p4db_v2.01_patch_4.txt" - }, - { - "name" : "10286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10286" - }, - { - "name" : "5901", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5901" - }, - { - "name" : "1010078", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010078" - }, - { - "name" : "11559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11559" - }, - { - "name" : "p4db-url-xss(16070)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7) EXLABEL, (8) STATUS, (9) MAXCH, (10) FIRSTCH, (11) CHOFFSETDISP, (12) SEARCHDESC, (13) SEARCH_INVERT, (14) USER, (15) GROUP, and (16) CLIENT parameters in changeList.cgi; (17) CH parameter in changeView.cgi; (18) USER parameter in clientList.cgi; (19) CLIENT parameter in clientView.cgi; (20) FSPC parameter in depotTreeBrowser.cgi; (21) FSPC parameter in depotStats.cgi; (22) FSPC, (23) REV, (24) ACT, (25) FSPC2, (26) REV2, (27) CH, and (28) CONTEXT parameters in fileDiffView.cgi; (29) FSPC and (30) REV parameters in fileDownLoad.cgi; (31) FSPC, (32) LISTLAB, and (33) SHOWBRANCH parameters in fileLogView.cgi; (34) FSPC and (35) LABEL parameters in fileSearch.cgi; (36) FSPC, (37) REV, and (38) FORCE parameters in fileViewer.cgi; (39) FSPC parameter in filesChangedSince.cgi; (40) GROUP parameter in groupView.cgi; (41) TYPE, (42) FSPC, and (43) REV parameters in htmlFileView.cgi; (44) CMD parameter in javaDataView.cgi; (45) JOBVIEW and (46) FLD parameters in jobList.cgi; (47) JOB parameter in jobView.cgi; (48) LABEL1 and (49) LABEL2 parameters in labelDiffView.cgi; (50) LABEL parameter in labelView.cgi; (51) FSPC parameter in searchPattern.cgi; (52) TYPE, (53) FSPC, and (54) REV parameters in specialFileView.cgi; (55) GROUPSONLY parameter in userList.cgi; or (56) USER parameter in userView.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5901", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5901" + }, + { + "name": "1010078", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010078" + }, + { + "name": "p4db-url-xss(16070)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16070" + }, + { + "name": "11559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11559" + }, + { + "name": "http://www.weak.org/~jammer/p4db_v2.01_patch_4.txt", + "refsource": "MISC", + "url": "http://www.weak.org/~jammer/p4db_v2.01_patch_4.txt" + }, + { + "name": "20040505 Multiple vulnerabilities in P4DB", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0046.html" + }, + { + "name": "10286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10286" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0885.json b/2012/0xxx/CVE-2012-0885.json index 2286c192fdd..ec1b8bf04ef 100644 --- a/2012/0xxx/CVE-2012-0885.json +++ b/2012/0xxx/CVE-2012-0885.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120120 CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/20/16" - }, - { - "name" : "[oss-security] 20120120 Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/20/18" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2012-001.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2012-001.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=783487", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=783487" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-19202", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-19202" - }, - { - "name" : "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff" + }, + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-19202", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-19202" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff" + }, + { + "name": "[oss-security] 20120120 CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/20/16" + }, + { + "name": "[oss-security] 20120120 Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/20/18" + }, + { + "name": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=783487", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783487" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2012-001.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2012-001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1068.json b/2012/1xxx/CVE-2012-1068.json index af4a8e3049d..e2f67cd04a1 100644 --- a/2012/1xxx/CVE-2012-1068.json +++ b/2012/1xxx/CVE-2012-1068.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset/416723/wp-recentcomments/trunk/core.php?old=316325&old_path=wp-recentcomments%2Ftrunk%2Fcore.php", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/416723/wp-recentcomments/trunk/core.php?old=316325&old_path=wp-recentcomments%2Ftrunk%2Fcore.php" - }, - { - "name" : "http://wordpress.org/extend/plugins/wp-recentcomments/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/wp-recentcomments/changelog/" - }, - { - "name" : "49734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49734" - }, - { - "name" : "75635", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/75635" - }, - { - "name" : "46141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46141" - }, - { - "name" : "wprecentcomments-core-xss(70003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://plugins.trac.wordpress.org/changeset/416723/wp-recentcomments/trunk/core.php?old=316325&old_path=wp-recentcomments%2Ftrunk%2Fcore.php", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/416723/wp-recentcomments/trunk/core.php?old=316325&old_path=wp-recentcomments%2Ftrunk%2Fcore.php" + }, + { + "name": "49734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49734" + }, + { + "name": "wprecentcomments-core-xss(70003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70003" + }, + { + "name": "http://wordpress.org/extend/plugins/wp-recentcomments/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/wp-recentcomments/changelog/" + }, + { + "name": "75635", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/75635" + }, + { + "name": "46141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46141" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1323.json b/2012/1xxx/CVE-2012-1323.json index 72a8c978584..8918dc05a48 100644 --- a/2012/1xxx/CVE-2012-1323.json +++ b/2012/1xxx/CVE-2012-1323.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1323", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1323", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1788.json b/2012/1xxx/CVE-2012-1788.json index 8db2600e634..29244371e1c 100644 --- a/2012/1xxx/CVE-2012-1788.json +++ b/2012/1xxx/CVE-2012-1788.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_website, or (5) help_example_url parameters in an hd_modify_record action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/110224/WonderDesk-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/110224/WonderDesk-Cross-Site-Scripting.html" - }, - { - "name" : "http://st2tea.blogspot.com/2012/02/wonderdesk-cross-site-scripting.html", - "refsource" : "MISC", - "url" : "http://st2tea.blogspot.com/2012/02/wonderdesk-cross-site-scripting.html" - }, - { - "name" : "52193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52193" - }, - { - "name" : "79647", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79647" - }, - { - "name" : "48167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48167" - }, - { - "name" : "wonderdesk-wonderdesk-xss(73502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_website, or (5) help_example_url parameters in an hd_modify_record action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52193" + }, + { + "name": "wonderdesk-wonderdesk-xss(73502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73502" + }, + { + "name": "http://st2tea.blogspot.com/2012/02/wonderdesk-cross-site-scripting.html", + "refsource": "MISC", + "url": "http://st2tea.blogspot.com/2012/02/wonderdesk-cross-site-scripting.html" + }, + { + "name": "79647", + "refsource": "OSVDB", + "url": "http://osvdb.org/79647" + }, + { + "name": "48167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48167" + }, + { + "name": "http://packetstormsecurity.org/files/110224/WonderDesk-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/110224/WonderDesk-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4136.json b/2012/4xxx/CVE-2012-4136.json index 5ccbe56d014..47e53d01b0e 100644 --- a/2012/4xxx/CVE-2012-4136.json +++ b/2012/4xxx/CVE-2012-4136.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130925 Cisco Unified Computing System Fabric Interconnect Remote Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVS-2012-4136" - }, - { - "name" : "54171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130925 Cisco Unified Computing System Fabric Interconnect Remote Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVS-2012-4136" + }, + { + "name": "54171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54171" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4453.json b/2012/4xxx/CVE-2012-4453.json index c40ed2c9247..7ae01df4d57 100644 --- a/2012/4xxx/CVE-2012-4453.json +++ b/2012/4xxx/CVE-2012-4453.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120927 Re: dracut creates non-world readable initramfs images", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/27/4" - }, - { - "name" : "[oss-security] 20120927 Re: dracut creates world readable initramfs images", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/27/6" - }, - { - "name" : "[oss-security] 20120927 dracut creates non-world readable initramfs images", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/27/3" - }, - { - "name" : "http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71", - "refsource" : "MISC", - "url" : "http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=859448", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=859448" - }, - { - "name" : "RHSA-2013:1674", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1674.html" - }, - { - "name" : "55713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55713" - }, - { - "name" : "dracut-initramfs-information-disclosure(79258)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1674", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1674.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=859448", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859448" + }, + { + "name": "55713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55713" + }, + { + "name": "[oss-security] 20120927 Re: dracut creates non-world readable initramfs images", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/27/4" + }, + { + "name": "dracut-initramfs-information-disclosure(79258)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79258" + }, + { + "name": "http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71", + "refsource": "MISC", + "url": "http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71" + }, + { + "name": "[oss-security] 20120927 Re: dracut creates world readable initramfs images", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/27/6" + }, + { + "name": "[oss-security] 20120927 dracut creates non-world readable initramfs images", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/27/3" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5212.json b/2012/5xxx/CVE-2012-5212.json index 887b0c9684e..b556636f4ca 100644 --- a/2012/5xxx/CVE-2012-5212.json +++ b/2012/5xxx/CVE-2012-5212.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1663." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-5212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02854", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" - }, - { - "name" : "SSRT101033", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" - }, - { - "name" : "SSRT100881", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136268852804156&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1663." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100881", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136268852804156&w=2" + }, + { + "name": "SSRT101033", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" + }, + { + "name": "HPSBGN02854", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5596.json b/2012/5xxx/CVE-2012-5596.json index 3b309f49a5d..a4bad6cc1ef 100644 --- a/2012/5xxx/CVE-2012-5596.json +++ b/2012/5xxx/CVE-2012-5596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5596", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6057. Reason: This candidate is a reservation duplicate of CVE-2012-6057. Notes: All CVE users should reference CVE-2012-6057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5596", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6057. Reason: This candidate is a reservation duplicate of CVE-2012-6057. Notes: All CVE users should reference CVE-2012-6057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5812.json b/2012/5xxx/CVE-2012-5812.json index 937063c47ef..4930507de70 100644 --- a/2012/5xxx/CVE-2012-5812.json +++ b/2012/5xxx/CVE-2012-5812.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "acra-ssl-spoofing(79939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "acra-ssl-spoofing(79939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79939" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5821.json b/2012/5xxx/CVE-2012-5821.json index 9d67b56ad35..e1ee0505d53 100644 --- a/2012/5xxx/CVE-2012-5821.json +++ b/2012/5xxx/CVE-2012-5821.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351" - }, - { - "name" : "MDVSA-2013:101", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:101" - }, - { - "name" : "USN-1642-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1642-1" - }, - { - "name" : "lynx-ssl-spoofing(79930)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351" + }, + { + "name": "USN-1642-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1642-1" + }, + { + "name": "lynx-ssl-spoofing(79930)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79930" + }, + { + "name": "MDVSA-2013:101", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:101" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2678.json b/2017/2xxx/CVE-2017-2678.json index 1d9f2ed0523..1aba64c67e1 100644 --- a/2017/2xxx/CVE-2017-2678.json +++ b/2017/2xxx/CVE-2017-2678.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2678", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2678", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3044.json b/2017/3xxx/CVE-2017-3044.json index c93533eeb64..48db8fec449 100644 --- a/2017/3xxx/CVE-2017-3044.json +++ b/2017/3xxx/CVE-2017-3044.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97556" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "97556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97556" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3246.json b/2017/3xxx/CVE-2017-3246.json index c7b9556ee7f..2fa653f94c5 100644 --- a/2017/3xxx/CVE-2017-3246.json +++ b/2017/3xxx/CVE-2017-3246.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Object Library", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Object Library", + "version": { + "version_data": [ + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95604" - }, - { - "name" : "1037639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95604" + }, + { + "name": "1037639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037639" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3334.json b/2017/3xxx/CVE-2017-3334.json index d61d7161205..cf32235219c 100644 --- a/2017/3xxx/CVE-2017-3334.json +++ b/2017/3xxx/CVE-2017-3334.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95500" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3651.json b/2017/3xxx/CVE-2017-3651.json index e68b5c01ef4..67897810110 100644 --- a/2017/3xxx/CVE-2017-3651.json +++ b/2017/3xxx/CVE-2017-3651.json @@ -1,121 +1,121 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.56 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.6.36 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.7.18 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.56 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.6.36 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.7.18 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "DSA-3922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3922" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "RHSA-2016:2927", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2927.html" - }, - { - "name" : "RHSA-2016:2928", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2928.html" - }, - { - "name" : "RHSA-2017:2192", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2192" - }, - { - "name" : "RHSA-2018:2439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2439" - }, - { - "name" : "RHSA-2018:2729", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2729" - }, - { - "name" : "99802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99802" - }, - { - "name" : "1038928", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "RHSA-2018:2729", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2729" + }, + { + "name": "1038928", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038928" + }, + { + "name": "99802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99802" + }, + { + "name": "RHSA-2016:2927", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html" + }, + { + "name": "RHSA-2018:2439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2439" + }, + { + "name": "DSA-3922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3922" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "RHSA-2016:2928", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html" + }, + { + "name": "RHSA-2017:2192", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2192" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3979.json b/2017/3xxx/CVE-2017-3979.json index 50d2717068e..d0ae04d48e8 100644 --- a/2017/3xxx/CVE-2017-3979.json +++ b/2017/3xxx/CVE-2017-3979.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3979", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3979", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6762.json b/2017/6xxx/CVE-2017-6762.json index a489f2a690a..972890c6765 100644 --- a/2017/6xxx/CVE-2017-6762.json +++ b/2017/6xxx/CVE-2017-6762.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Jabber Guest Server", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Jabber Guest Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve09718." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Jabber Guest Server", + "version": { + "version_data": [ + { + "version_value": "Cisco Jabber Guest Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve09718", - "refsource" : "CONFIRM", - "url" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve09718" - }, - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cj", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cj" - }, - { - "name" : "100108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100108" - }, - { - "name" : "1039060", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve09718." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039060", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039060" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cj", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cj" + }, + { + "name": "100108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100108" + }, + { + "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve09718", + "refsource": "CONFIRM", + "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve09718" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7082.json b/2017/7xxx/CVE-2017-7082.json index 6311b82ca76..fce0a95609d 100644 --- a/2017/7xxx/CVE-2017-7082.json +++ b/2017/7xxx/CVE-2017-7082.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Screen Lock\" component. It allows physically proximate attackers to read Application Firewall prompts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208144", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208144" - }, - { - "name" : "100993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100993" - }, - { - "name" : "1039427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Screen Lock\" component. It allows physically proximate attackers to read Application Firewall prompts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100993" + }, + { + "name": "https://support.apple.com/HT208144", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208144" + }, + { + "name": "1039427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039427" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7400.json b/2017/7xxx/CVE-2017-7400.json index e0f020c9435..d0d0a68a78d 100644 --- a/2017/7xxx/CVE-2017-7400.json +++ b/2017/7xxx/CVE-2017-7400.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/bugs/1667086", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/1667086" - }, - { - "name" : "RHSA-2017:1598", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1598" - }, - { - "name" : "RHSA-2017:1739", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1739" - }, - { - "name" : "97324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97324" + }, + { + "name": "https://launchpad.net/bugs/1667086", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/1667086" + }, + { + "name": "RHSA-2017:1598", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1598" + }, + { + "name": "RHSA-2017:1739", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1739" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7475.json b/2017/7xxx/CVE-2017-7475.json index abf7574edad..39b87d0e592 100644 --- a/2017/7xxx/CVE-2017-7475.json +++ b/2017/7xxx/CVE-2017-7475.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cairo", - "version" : { - "version_data" : [ - { - "version_value" : "1.15.4" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "NULL pointer dereference" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cairo", + "version": { + "version_data": [ + { + "version_value": "1.15.4" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170428 CVE-2017-7475 Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2017/q2/151" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=100763", - "refsource" : "MISC", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=100763" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL pointer dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=100763", + "refsource": "MISC", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=100763" + }, + { + "name": "[oss-security] 20170428 CVE-2017-7475 Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2017/q2/151" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8651.json b/2017/8xxx/CVE-2017-8651.json index baa4a57cbc1..324a13ae8b1 100644 --- a/2017/8xxx/CVE-2017-8651.json +++ b/2017/8xxx/CVE-2017-8651.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and Windows Server 2012." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and Windows Server 2012." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651" - }, - { - "name" : "100058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100058" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10442.json b/2018/10xxx/CVE-2018-10442.json index 4f5777f4930..c1943a5bbc3 100644 --- a/2018/10xxx/CVE-2018-10442.json +++ b/2018/10xxx/CVE-2018-10442.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10442", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10442", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10636.json b/2018/10xxx/CVE-2018-10636.json index e2b00668409..9a593e07db5 100644 --- a/2018/10xxx/CVE-2018-10636.json +++ b/2018/10xxx/CVE-2018-10636.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-08T00:00:00", - "ID" : "CVE-2018-10636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CNCSoft with ScreenEditor", - "version" : { - "version_data" : [ - { - "version_value" : "CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-08T00:00:00", + "ID": "CVE-2018-10636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CNCSoft with ScreenEditor", + "version": { + "version_data": [ + { + "version_value": "CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01" - }, - { - "name" : "105032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01" + }, + { + "name": "105032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105032" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10690.json b/2018/10xxx/CVE-2018-10690.json index 7cb698282c8..b2d014d0375 100644 --- a/2018/10xxx/CVE-2018-10690.json +++ b/2018/10xxx/CVE-2018-10690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10845.json b/2018/10xxx/CVE-2018-10845.json index b87d20e9f9b..12f836d5be9 100644 --- a/2018/10xxx/CVE-2018-10845.json +++ b/2018/10xxx/CVE-2018-10845.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "gnutls", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-385" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gnutls", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" - }, - { - "name" : "https://eprint.iacr.org/2018/747", - "refsource" : "MISC", - "url" : "https://eprint.iacr.org/2018/747" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845" - }, - { - "name" : "https://gitlab.com/gnutls/gnutls/merge_requests/657", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gnutls/gnutls/merge_requests/657" - }, - { - "name" : "RHSA-2018:3050", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3050" - }, - { - "name" : "RHSA-2018:3505", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3505" - }, - { - "name" : "105138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-385" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845" + }, + { + "name": "https://eprint.iacr.org/2018/747", + "refsource": "MISC", + "url": "https://eprint.iacr.org/2018/747" + }, + { + "name": "https://gitlab.com/gnutls/gnutls/merge_requests/657", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" + }, + { + "name": "RHSA-2018:3505", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3505" + }, + { + "name": "105138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105138" + }, + { + "name": "RHSA-2018:3050", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3050" + }, + { + "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10945.json b/2018/10xxx/CVE-2018-10945.json index 88741dd8993..b26a4bd9864 100644 --- a/2018/10xxx/CVE-2018-10945.json +++ b/2018/10xxx/CVE-2018-10945.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.hac425.top/2018/05/16/CVE-2018-10945-mongoose.html", - "refsource" : "MISC", - "url" : "http://blog.hac425.top/2018/05/16/CVE-2018-10945-mongoose.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.hac425.top/2018/05/16/CVE-2018-10945-mongoose.html", + "refsource": "MISC", + "url": "http://blog.hac425.top/2018/05/16/CVE-2018-10945-mongoose.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14294.json b/2018/14xxx/CVE-2018-14294.json index e43c494180e..405e8a67453 100644 --- a/2018/14xxx/CVE-2018-14294.json +++ b/2018/14xxx/CVE-2018-14294.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FileAttachment annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6211." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-754", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-754" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FileAttachment annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6211." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-754", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-754" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14493.json b/2018/14xxx/CVE-2018-14493.json index cd9bb23ca15..9915f40a996 100644 --- a/2018/14xxx/CVE-2018-14493.json +++ b/2018/14xxx/CVE-2018-14493.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45160", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45160/" - }, - { - "name" : "https://docs.google.com/document/d/1K3G6a8P_LhYdk5Ddn57Z2aDUpaGAS7I_F8lESVfSFfY/edit", - "refsource" : "MISC", - "url" : "https://docs.google.com/document/d/1K3G6a8P_LhYdk5Ddn57Z2aDUpaGAS7I_F8lESVfSFfY/edit" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45160", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45160/" + }, + { + "name": "https://docs.google.com/document/d/1K3G6a8P_LhYdk5Ddn57Z2aDUpaGAS7I_F8lESVfSFfY/edit", + "refsource": "MISC", + "url": "https://docs.google.com/document/d/1K3G6a8P_LhYdk5Ddn57Z2aDUpaGAS7I_F8lESVfSFfY/edit" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17072.json b/2018/17xxx/CVE-2018-17072.json index ee2d70c94ba..2836fd7e54d 100644 --- a/2018/17xxx/CVE-2018-17072.json +++ b/2018/17xxx/CVE-2018-17072.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/tunnuz/json/issues/11", - "refsource" : "MISC", - "url" : "https://github.com/tunnuz/json/issues/11" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tunnuz/json/issues/11", + "refsource": "MISC", + "url": "https://github.com/tunnuz/json/issues/11" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17144.json b/2018/17xxx/CVE-2018-17144.json index dce117ee0f7..6e1c4eb8749 100644 --- a/2018/17xxx/CVE-2018-17144.json +++ b/2018/17xxx/CVE-2018-17144.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bitcoincore.org/en/2018/09/18/release-0.16.3/", - "refsource" : "MISC", - "url" : "https://bitcoincore.org/en/2018/09/18/release-0.16.3/" - }, - { - "name" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144", - "refsource" : "MISC", - "url" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144" - }, - { - "name" : "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md", - "refsource" : "MISC", - "url" : "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md" - }, - { - "name" : "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md", - "refsource" : "MISC", - "url" : "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144", + "refsource": "MISC", + "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144" + }, + { + "name": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md", + "refsource": "MISC", + "url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md" + }, + { + "name": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/", + "refsource": "MISC", + "url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/" + }, + { + "name": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md", + "refsource": "MISC", + "url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17401.json b/2018/17xxx/CVE-2018-17401.json index 6fb7e7f10e9..87c06a0d8c6 100644 --- a/2018/17xxx/CVE-2018-17401.json +++ b/2018/17xxx/CVE-2018-17401.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/magicj3lly/appexploits/blob/master/PhonePe%20Authentication%20Bypass-2.pdf", - "refsource" : "MISC", - "url" : "https://github.com/magicj3lly/appexploits/blob/master/PhonePe%20Authentication%20Bypass-2.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/magicj3lly/appexploits/blob/master/PhonePe%20Authentication%20Bypass-2.pdf", + "refsource": "MISC", + "url": "https://github.com/magicj3lly/appexploits/blob/master/PhonePe%20Authentication%20Bypass-2.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20290.json b/2018/20xxx/CVE-2018-20290.json index ff2fb1f7e60..1d446ac3f9f 100644 --- a/2018/20xxx/CVE-2018-20290.json +++ b/2018/20xxx/CVE-2018-20290.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20290", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20290", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20362.json b/2018/20xxx/CVE-2018-20362.json index 4251aeb2fe8..cabc18065cf 100644 --- a/2018/20xxx/CVE-2018-20362.json +++ b/2018/20xxx/CVE-2018-20362.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/knik0/faad2/issues/26", - "refsource" : "MISC", - "url" : "https://github.com/knik0/faad2/issues/26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/knik0/faad2/issues/26", + "refsource": "MISC", + "url": "https://github.com/knik0/faad2/issues/26" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20536.json b/2018/20xxx/CVE-2018-20536.json index 0d3104577e8..e67749258a5 100644 --- a/2018/20xxx/CVE-2018-20536.json +++ b/2018/20xxx/CVE-2018-20536.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652610", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652610", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652610" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9099.json b/2018/9xxx/CVE-2018-9099.json index fc49aa871a1..12d18735c15 100644 --- a/2018/9xxx/CVE-2018-9099.json +++ b/2018/9xxx/CVE-2018-9099.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9099", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9099", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9621.json b/2018/9xxx/CVE-2018-9621.json index 5d800486ad8..b1edc8f7485 100644 --- a/2018/9xxx/CVE-2018-9621.json +++ b/2018/9xxx/CVE-2018-9621.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9621", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9621", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9755.json b/2018/9xxx/CVE-2018-9755.json index 68d2adbc15f..a829990d630 100644 --- a/2018/9xxx/CVE-2018-9755.json +++ b/2018/9xxx/CVE-2018-9755.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9755", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9755", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9931.json b/2018/9xxx/CVE-2018-9931.json index cf347f9cd9a..ef93ddc0cd7 100644 --- a/2018/9xxx/CVE-2018-9931.json +++ b/2018/9xxx/CVE-2018-9931.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9931", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9931", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file